Illinois researchers to develop more secure containers for computing environments

October 9th, 2017

The University of Illinois’ Sibin Mohan is among a group of researchers who have been awarded a $6.1 million grant from the Office of Naval Research, a division of the United States Department of the Navy, for a project that impacts software security, manageability, and performance, especially for cloud computing systems.

Sibin Mohan

The research project, led by the University of Wisconsin-Madison, involves what are known as containers, a light-weight variant of a virtual machine. Containers help software run reliably when moved from one computing environment to another, such as from an individual laptop to the cloud or between machines in a data center. These complex programs pull together everything an application needs to work, so those elements stay together when the application migrates.

However, developers often package containers with excess code that isn’t necessary for a particular application to run, making them “bloated.” Bloat impacts speed and even security, as extra code can lead to increased security vulnerabilities. The team, which also includes researchers from Oregon State University, the University of Toronto and computer security firm GrammaTech, seek to develop a methodology for de-bloating containers.

“We will analyze containers to see if we can partition them in such a way that critical and non-critical aspects are moved into separate containers,” said Mohan, research assistant professor in the Dept. of Computer Science and the Information Trust Institute at the University of Illinois. “If we can parse out unneeded code, we can potentially reduce security vulnerabilities while also improving the performance of the applications.”

Containers are a burgeoning industry, thanks in part to their use in the growing cloud computing industry. According to the firm 451 Research, which analyzes the tech industry, container technologies generated $762 million in revenue in 2016.

Led by Somesh Jha, a professor of computer science at Wisconsin, the team will develop new techniques with widespread impact on an issue that is hidden for most computer users but critically important. Researchers will hone in on the bare minimum of what a container needs to do its job in a particular instance.

The research group includes experts in computer systems, system measurement, program analysis and other areas. Notes Jha, “The team is right to handle this very complex, large-scale problem. And if we can create techniques to decrease container bloat, the potential benefit to society is huge in terms of software performance, security and trustworthiness.”

Those concerns and benefits become magnified in a military setting, underscoring the Office of Naval Research’s interest in providing research funding to the nation’s leading computer scientists. The grant, which began Sept. 30, was awarded under ONR’s Long Range Broad Agency Announcement for Navy and Marine Corps Science & Technology.